Cookie Consent
We use cookies to give you the best experience on our website. If you continue without changing your cookie settings, we assume that you consent to our use of cookies on this device. You can change your cookie settings at any time but if you do, you may lose some functionality on our website.
Garda Confidential No.: 1 800 666 111

Garda Warning in relation to Computer Scam "Police" Trojan – Ransomware

A computer-based scam has recently come to light which involves the misuse of police logos in an attempt to extract money from victims, by locking them out of their computers and asking them to pay a fine in order to get the computer unlocked.

Background & how it works:

Ransomware is a kind of malware that withholds some digital asset from the victim and asks for payment in order to release it back. This trend of attacks started in Russia back in 2005-2006 and has been changing tactics and targets since then.
This last wave of attacks is targeting users in a very specific way by geo-locating the victims and confronting them with their own country's regional Police Forces meanwhile their whole computer is being held captive. A lot of people out there know this specific attack as "the police Trojan". Europol and TrendMicro have been analysing this attack since it started. In brief under a purely technical analysis, this is a run-of-the-mill ransomware Trojan.
When the user is infected, the malicious software contacts a C&C (Command and Control) server that detects the country it’s coming from. It downloads a localised graphic with the appropriate language and the police logo and hijacks the user’s screen so that they can’t do anything "until the fine has been paid". A recent meeting in Europol saw 18 Countries attend a meeting to discuss this attack at this meeting Italy reported 4000 victims.

Typically, the victim’s computer becomes infected with a virus due to visiting a website which contains the malware. Once the virus has activated, it locks the computer and causes the page to be displayed to the victim. This page will display the logo of the victim’s local law enforcement agency and will contain a message accusing the victim of having committed illegal activity and demanding payment of a "fine" in order to return control of the computer back to its owner.

Geographic spread:

The virus has targeted users in the following jurisdictions to date: Germany, Spain, France, Italy, Great Britain, Belgium, Czech Republic, Luxembourg, Estonia, Netherlands, Portugal and Austria. Intelligence suggests it is to spread to more including Ireland. The virus doesn’t currently execute its payload where it detects that the computer is not in one of these countries, but the probability is that further jurisdictions will be targeted in future. See screen capture of the image that will be displayed on the screens of Irish Victims below.

Advice for persons affected in the event of the Republic of Ireland being targeted:

In the event that this attack begins in Ireland our advice is: DO NOT PAY ANY FINES. This is NOT a Garda initiative. If you become infected by this malicious software all affected computers should be repaired by a reputable repair person. Where a person has been deceived into paying money, a report should be made to their local Garda Station. Computer users should run anti-virus software and keep it as up to date as possible.
Please see attached links for further information: